upgrade http-server to latest version to avoid security issue #7916
arthurgeek
started this conversation in
Feature Requests
Replies: 1 comment
-
|
It looks like it was fixed on v13.4.2 |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
Hi!
The http-server version used by
webdepends on a very old version of ecstatic. This package is no longer maintained and newer versions ofhttp-serverhave already removed that dependency. That version also contains a known security problem.I tried doing it myself and open a PR, but I'm very confused about the way dependencies are managed inside the NX monorepo since the
http-serverdependency is listed twice, one in the mainpackage.jsonand in the web package ownpackage.jsonfile. The contributing guidelines have no mention of this and I couldn't find elsewhere.Beta Was this translation helpful? Give feedback.
All reactions